Package binaries that we use in production with apt and remove those dependencies from chef
We have all the nodes failing to run chef because
[2017-08-09T00:39:13+00:00] INFO: HTTP Request Returned 401 Unauthorized:
[2017-08-09T00:39:13+00:00] WARN: remote_file[/var/chef/cache/gitlab-monitor.tar.gz] cannot be downloaded from https://dev.gitlab.org/gitlab-org/gitlab-monitor/repository/archive.tar.gz?ref=v1.9.0: 401 "Unauthorized"
This is happening because we are downloading packages from dev in chef.
We have other samples for things like mtail (https://gitlab.com/gl-infra/mtail) in which we are using the CI artifact to download from the chef recipe (https://gitlab.com/gitlab-cookbooks/gitlab-prometheus/blob/master/attributes/mtail.rb#L11) and forcing us to slow down chef execution because we have to download the package on every execution to calculate the checksum to see if we should be installing it or not.
This is the job of a package manager.
I propose that instead of doing this, we use gitlab-ci to create apt packages of these binaries that we need for production and push them to our internal package cache layer (http://aptly.gitlab.com/) to detach chef from binaries and simplify the recipes. And then switch to GitLab itself when the package manager feature becomes available.
cc/ @sitschner